
XAMPP SSL Certificates - general information

Posted: 29. December 2009 11:55
by cthugr
Greetings,

I am trying to set up a XAMPP 1.7.3 installation in order to use SSL certificates (both server & client) in Windows Vista 32-bit edition. I've browsed the forum and I've found bits of information here and there, but what I need (if possible) is a brief description of each of the necessary steps of the procedure. XAMPP comes with SSL support already activated, so I've tested that https works fine. The topics that I need help/directions with are:

-Create a CA
-Create the server key & certificate
-Create the client key & certificate (do I need only 1?)
-Implement the above in a PHP login page

Thank you in advance,

cthugr

Re: XAMPP SSL Certificates - general information

Posted: 29. December 2009 22:49
by Izzy
There is a bat file in the \xampp\apache folder called makecert.bat that will help with your goal.
The locations and example ssl keys etc are all in the \xampp\apache\conf folder.

Here are a few links that are worth a read:
http://robsnotebook.com/xampp-ssl-encrypt-passwords
http://slacksite.com/apache/certificate.php
http://www.instantssl.com/ssl-certifica ... d_ssl.html

More from this web search.
http://www.google.com/search?q=generati ... with+xampp

A good source for a free SSL certificate and that's cheap, can be found here:
http://www.cacert.org/
The site needs to be read thoroughly to understand what is on offer (a free SSL Certificate).


I am not sure what you mean by implementing the above in a php login page as that side of the equation deals with Authentication, Authorization and Access Control:
http://httpd.apache.org/docs/2.2/howto/auth.html

Once again life can be made easy with XAMPP by using the \xampp\apache\bin\htpasswd.exe file mentioned in the above link to create user/pass combos - or there are specific pre-made php scripts out there specifically for your needs - www.hotscripts.com is a good place to start.

Re: XAMPP SSL Certificates - general information

Posted: 01. January 2010 23:07
by cthugr
Greetings,

thank you for your reply Izzy!

What I am trying to do is to ask the client for its certificate every time he tries to connect to the server. From what I understand the steps for this process are those that I have described in my first post. I have found the following commands in the apache-ssl.org site:


Now I've got my server installed, how do I create a test certificate?

Step one - create the key and request:

openssl req -new > new.cert.csr

Step two - remove the passphrase from the key (optional):

openssl rsa -in privkey.pem -out new.cert.key

Step three - convert request into signed cert:

openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 365

The Apache-SSL directives that you need to use the resulting cert are:

SSLCertificateFile /path/to/certs/new.cert.cert
SSLCertificateKeyFile /path/to/certs/new.cert.key

How do I create a client certificate?

Step one - create a CA certificate/key pair, as above.

Step two - sign the client request with the CA key:

openssl x509 -req -in client.cert.csr -out client.cert.cert -signkey my.CA.key -CA my.CA.cert -CAkey my.CA.key -CAcreateserial -days 365

Step three - issue the file 'client.cert.cert' to the requester.

The Apache-SSL directives that you need to validate against this cert are:

SSLCACertificateFile /path/to/certs/my.CA.cert
SSLVerifyClient 2


The point is that I am not sure about what I should do first, etc. Do I need to first create the CA, then the server cert & key and then the client cert & key in this order? Some command line examples would surely help! Thank you in advance,

cthugr
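
The order asked about in the last post, as an added example that is not part of the thread: the CA is created first, then the server and the client requests are each signed by it. The `my.CA.*` file names follow the quoted FAQ; the `server.*`/`client.*` names, subject names, the PKCS#12 password and the `make_pki` and `signed_by_ca` helpers are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Order: CA, then server, then client.
# Subject names and the .p12 password are constructed placeholders.
make_pki() (
    mkdir -p "$1" && cd "$1" || exit 1

    # 1. CA key + self-signed CA certificate. This is the only self-signed cert.
    #    -nodes leaves the key unencrypted, acceptable only for a throwaway test CA.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=Example Test CA" \
        -keyout my.CA.key -out my.CA.cert || exit 1

    # 2. Server, 3. client: each gets its own key and request, then the CA signs
    #    the request. One client certificate per user or device that must log in.
    #    No -signkey here: that option self-signs; -CA/-CAkey make the CA the issuer.
    for pair in "server:localhost" "client:test-user"; do
        name=${pair%%:*} cn=${pair#*:}
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
            -keyout "$name.key" -out "$name.csr" || exit 1
        openssl x509 -req -sha256 -days 365 -in "$name.csr" \
            -CA my.CA.cert -CAkey my.CA.key -CAcreateserial \
            -out "$name.cert" || exit 1
    done

    # Browsers import the client key and certificate together as PKCS#12.
    openssl pkcs12 -export -in client.cert -inkey client.key \
        -certfile my.CA.cert -passout pass:changeit -out client.p12 || exit 1
)

# True only if the certificate chains to the CA. This is the check Apache
# applies to client certificates once SSLCACertificateFile points at my.CA.cert.
signed_by_ca() {
    openssl verify -CAfile "$1/my.CA.cert" "$1/$2" >/dev/null 2>&1
}

# Usage: sh make_pki.sh ./certs   (does nothing when run without an argument)
[ "$#" -eq 0 ] || make_pki "$1"
```

The quoted `SSLVerifyClient 2` is Apache-SSL syntax; in mod_ssl the directive that demands a client certificate is `SSLVerifyClient require`.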